Web application security: Improving critical web-based applications quality through in-depth security analysis

Teodoro, Nuno; Serrão, Carlos

doi:10.1109/i-society18435.2011.5978496

Cited by 21 publications

(8 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…N. Teodoro, C. Serrão [27] identify the relationship between lack of security and Software Development Life Cycle (SDLC). Based on this analysis, the authors present a set of security automation tools and methodologies that are used in the course of the SDLC to improve the quality of Web applications.…”

Section: Businessmentioning

confidence: 99%

Cybersecurity Model Based on Hardening for Secure Internet of Things Implementation

et al. 2021

View full text Add to dashboard Cite

The inclusion of Internet of Things (IoT) for building smart cities, smart health, smart grids, and other smart concepts has driven data-driven decision making by managers and automation in each domain. However, the hyper-connectivity generated by IoT networks coupled with limited default security in IoT devices increases security risks that can jeopardize the operations of cities, hospitals, and organizations. Strengthening the security aspects of IoT devices prior to their use in different systems can contribute to minimize the attack surface. This study aimed to model a sequence of seven steps to minimize the attack surface by executing hardening processes. Conducted a systematic literature review using Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) techniques. In this way, we were able to define a proposed methodology to evaluate the security level of an IoT solution by means of a checklist that considers the security aspects in the three layers of the IoT architecture. A risk matrix adapted to IoT is established to evaluate the attack surface. Finally, a process of hardening and vulnerability analysis is proposed to reduce the attack surface and improve the security level of the IoT solution.

show abstract

Section: Businessmentioning

confidence: 99%

Cybersecurity Model Based on Hardening for Secure Internet of Things Implementation

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Input values that expose these vulnerabilities were searched by a genetic algorithm and, to help the genetic algorithm escape local optima, symbolic constraints were collected at run-time and passed to a solver. Teodoro and C. Serrao [3] discussed the direct implication of the lack of security and the importance of quality of the Software Development Life Cycle (SDLC), and the major factors that influence them. Furthermore, they proposed a set of security automated tools and methodologies that can be used throughout the SDLC as a means to improve critical web-based applications security and quality.…”

Section: Related Workmentioning

confidence: 99%

“…Most of the time, these malicious users succeed in exploiting different types of vulnerabilities and the consequences can be disastrous. Most of these vulnerabilities are directly related with the web-based application"s lack of quality as a result from a poorly implemented Software Development Life Cycle (SDLC) [3]. According to Tian et al [4] web application software security becomes more and more important as a result information access through web applications.…”

Section: Introductionmentioning

confidence: 99%

Structured Query Language Injection (SQLI) Attacks: Detection and Prevention Techniques in Web Application Technologies

YawAsabere¹,

Torgby²

2013

IJCA

View full text Add to dashboard Cite

This paper investigates and reports on web application vulnerabilities with a specific focus on Structured Query Language Injection (SQLI) attacks and measures and how to counter such threats. SQLI attacks cause very serious dangers to web applications, they make it possible for attackers to get unhindered access to the primary source of data which is in the database and possibly the very sensitive information that the database contains. Even though practitioners and researchers in the web application security field have proposed a range of techniques to get to the bottom of the SQLI attack challenge, presently adopted approaches have either resolved the problem to some extent or have inadequacies that prevent their use and adoption. To help address this challenge, this paper presents a broad review of SQL injection attacks. An appraisal of current detection and prevention techniques against SQL injection attacks are also presented. Furthermore, a vulnerability assessment was conducted on the Centre for Computational Intelligence (CCI) Website as a case study. A snippet code that can be used to redesign the CCI website as a protective measure to counter threats of SQLI was proposed. An examination of this paper indicates that current solutions being promoted may not address the problem, and that web application firewalls provides the answer to SQLI attacks.

show abstract

“…Mesmo aqueles sistemas que oferecem serviços onlinemenos atraentes são alvo de ataques, pois os servidores que hospedam os sistemas online vulneráveis servem para os atacantes como pontes para consequentesataques às vítimas mais visadas, como aquelas que possuem dados e informações financeiras de clientes. Logo, é visível a crescente necessidade de boas práticas de segurança no contexto de sistemas Web [8,9]. Isso inclui, com especial atenção, a detecção e o diagnóstico de vulnerabilidades nos sistemas.…”

Section: Introductionunclassified

“…Entre osmaisfrequentesestãoa inclusão remota de arquivos, SQL Injection e cross-scripting [15]. Não obstante, existem outros tipos de vulnerabilidades, comoformasavançadas e de segundaordem de XSS e SQL-i, variações de Cross-Channel Scripting eCross-Site Request Forgery, que aindaestãodescobertaspelasferramentasexisten tes [11].Osresultadosde diferentes pesquisas [8,9,11,12,13] apontamqueaindaháespaçoparainvestigação, inovação e desenvolvimentona área de scanners de vulnerabilidadesvoltados paraaplicações Web.…”

Section: Introductionunclassified

Uma Ferramenta Livre e ExtensÍVel Para Detecção de Vulnerabilidades em Sistemas Web

Rocha¹,

Kreutz²,

Turchetti³

2012

COMPUTER

View full text Add to dashboard Cite

The increasing number of intrusions and data thefts on online systems is one of the triggers of the gro wing concern about security inside organizations. Nowadays, dynamic and extensible detection tools are required and critical to detect and diagnose vulnerabilities in Web systems. In this paper we present the development and evaluation of a vulnerability scanner for online systems. Unlike most existing tools, it is free and open source, available at SourceFo rge, and has a modular and extensible arch itecture. The achieved results show that the proposed tool, called Un iscan, is able to better detect and diagnose vulnerabilit ies such as LFI, RFI and RCE.

show abstract

Web application security: Improving critical web-based applications quality through in-depth security analysis

Cited by 21 publications

References 3 publications

Cybersecurity Model Based on Hardening for Secure Internet of Things Implementation

Cybersecurity Model Based on Hardening for Secure Internet of Things Implementation

Structured Query Language Injection (SQLI) Attacks: Detection and Prevention Techniques in Web Application Technologies

Uma Ferramenta Livre e ExtensÍVel Para Detecção de Vulnerabilidades em Sistemas Web

Contact Info

Product

Resources

About